if_tun.c revision 271867
1265236Sken/* $NetBSD: if_tun.c,v 1.14 1994/06/29 06:36:25 cgd Exp $ */ 2265236Sken 3265236Sken/*- 4265236Sken * Copyright (c) 1988, Julian Onions <jpo@cs.nott.ac.uk> 5265236Sken * Nottingham University 1987. 6265236Sken * 7265236Sken * This source may be freely distributed, however I would be interested 8265236Sken * in any changes that are made. 9265236Sken * 10265236Sken * This driver takes packets off the IP i/f and hands them up to a 11265236Sken * user process to have its wicked way with. This driver has it's 12265236Sken * roots in a similar driver written by Phil Cockcroft (formerly) at 13265236Sken * UCL. This driver is based much more on read/write/poll mode of 14265236Sken * operation though. 15265236Sken * 16265236Sken * $FreeBSD: head/sys/net/if_tun.c 271867 2014-09-19 10:39:58Z glebius $ 17265236Sken */ 18265236Sken 19265236Sken#include "opt_inet.h" 20265236Sken#include "opt_inet6.h" 21265236Sken 22265236Sken#include <sys/param.h> 23265236Sken#include <sys/priv.h> 24265236Sken#include <sys/proc.h> 25265236Sken#include <sys/systm.h> 26265236Sken#include <sys/jail.h> 27265236Sken#include <sys/mbuf.h> 28265236Sken#include <sys/module.h> 29265236Sken#include <sys/socket.h> 30265236Sken#include <sys/fcntl.h> 31265236Sken#include <sys/filio.h> 32265236Sken#include <sys/sockio.h> 33265236Sken#include <sys/ttycom.h> 34265236Sken#include <sys/poll.h> 35265236Sken#include <sys/selinfo.h> 36265236Sken#include <sys/signalvar.h> 37265236Sken#include <sys/filedesc.h> 38265236Sken#include <sys/kernel.h> 39265236Sken#include <sys/sysctl.h> 40265236Sken#include <sys/conf.h> 41265236Sken#include <sys/uio.h> 42265236Sken#include <sys/malloc.h> 43265236Sken#include <sys/random.h> 44265236Sken 45265236Sken#include <net/if.h> 46265236Sken#include <net/if_var.h> 47265236Sken#include <net/if_clone.h> 48265236Sken#include <net/if_types.h> 49265236Sken#include <net/netisr.h> 50265236Sken#include <net/route.h> 51265236Sken#include <net/vnet.h> 52265236Sken#ifdef INET 53265236Sken#include <netinet/in.h> 54265236Sken#endif 55265236Sken#include <net/bpf.h> 56265236Sken#include <net/if_tun.h> 57265236Sken 58265236Sken#include <sys/queue.h> 59265236Sken#include <sys/condvar.h> 60265236Sken 61265236Sken#include <security/mac/mac_framework.h> 62265236Sken 63265236Sken/* 64265236Sken * tun_list is protected by global tunmtx. Other mutable fields are 65265236Sken * protected by tun->tun_mtx, or by their owning subsystem. tun_dev is 66265236Sken * static for the duration of a tunnel interface. 67265236Sken */ 68265236Skenstruct tun_softc { 69265236Sken TAILQ_ENTRY(tun_softc) tun_list; 70265236Sken struct cdev *tun_dev; 71265236Sken u_short tun_flags; /* misc flags */ 72265236Sken#define TUN_OPEN 0x0001 73265236Sken#define TUN_INITED 0x0002 74265236Sken#define TUN_RCOLL 0x0004 75265236Sken#define TUN_IASET 0x0008 76265236Sken#define TUN_DSTADDR 0x0010 77265236Sken#define TUN_LMODE 0x0020 78265236Sken#define TUN_RWAIT 0x0040 79265236Sken#define TUN_ASYNC 0x0080 80265236Sken#define TUN_IFHEAD 0x0100 81265236Sken 82265236Sken#define TUN_READY (TUN_OPEN | TUN_INITED) 83265236Sken 84265236Sken /* 85265236Sken * XXXRW: tun_pid is used to exclusively lock /dev/tun. Is this 86265236Sken * actually needed? Can we just return EBUSY if already open? 87265236Sken * Problem is that this involved inherent races when a tun device 88265236Sken * is handed off from one process to another, as opposed to just 89265236Sken * being slightly stale informationally. 90265236Sken */ 91265236Sken pid_t tun_pid; /* owning pid */ 92265236Sken struct ifnet *tun_ifp; /* the interface */ 93265236Sken struct sigio *tun_sigio; /* information for async I/O */ 94265236Sken struct selinfo tun_rsel; /* read select */ 95265236Sken struct mtx tun_mtx; /* protect mutable softc fields */ 96265236Sken struct cv tun_cv; /* protect against ref'd dev destroy */ 97265236Sken}; 98265236Sken#define TUN2IFP(sc) ((sc)->tun_ifp) 99265236Sken 100265236Sken#define TUNDEBUG if (tundebug) if_printf 101265236Sken 102265236Sken/* 103265236Sken * All mutable global variables in if_tun are locked using tunmtx, with 104265236Sken * the exception of tundebug, which is used unlocked, and tunclones, 105265236Sken * which is static after setup. 106265236Sken */ 107265236Skenstatic struct mtx tunmtx; 108265236Skenstatic const char tunname[] = "tun"; 109265236Skenstatic MALLOC_DEFINE(M_TUN, tunname, "Tunnel Interface"); 110265236Skenstatic int tundebug = 0; 111265236Skenstatic int tundclone = 1; 112265236Skenstatic struct clonedevs *tunclones; 113265236Skenstatic TAILQ_HEAD(,tun_softc) tunhead = TAILQ_HEAD_INITIALIZER(tunhead); 114265236SkenSYSCTL_INT(_debug, OID_AUTO, if_tun_debug, CTLFLAG_RW, &tundebug, 0, ""); 115265236Sken 116265236SkenSYSCTL_DECL(_net_link); 117265236Skenstatic SYSCTL_NODE(_net_link, OID_AUTO, tun, CTLFLAG_RW, 0, 118265236Sken "IP tunnel software network interface."); 119265236SkenSYSCTL_INT(_net_link_tun, OID_AUTO, devfs_cloning, CTLFLAG_RWTUN, &tundclone, 0, 120265236Sken "Enable legacy devfs interface creation."); 121265236Sken 122265236Skenstatic void tunclone(void *arg, struct ucred *cred, char *name, 123265236Sken int namelen, struct cdev **dev); 124265236Skenstatic void tuncreate(const char *name, struct cdev *dev); 125265236Skenstatic int tunifioctl(struct ifnet *, u_long, caddr_t); 126265236Skenstatic void tuninit(struct ifnet *); 127265236Skenstatic int tunmodevent(module_t, int, void *); 128265236Skenstatic int tunoutput(struct ifnet *, struct mbuf *, 129265236Sken const struct sockaddr *, struct route *ro); 130265236Skenstatic void tunstart(struct ifnet *); 131265236Sken 132265236Skenstatic int tun_clone_create(struct if_clone *, int, caddr_t); 133265236Skenstatic void tun_clone_destroy(struct ifnet *); 134265236Skenstatic struct if_clone *tun_cloner; 135265236Sken 136265236Skenstatic d_open_t tunopen; 137265236Skenstatic d_close_t tunclose; 138265236Skenstatic d_read_t tunread; 139265236Skenstatic d_write_t tunwrite; 140265236Skenstatic d_ioctl_t tunioctl; 141265236Skenstatic d_poll_t tunpoll; 142265236Skenstatic d_kqfilter_t tunkqfilter; 143265236Sken 144265236Skenstatic int tunkqread(struct knote *, long); 145265236Skenstatic int tunkqwrite(struct knote *, long); 146265236Skenstatic void tunkqdetach(struct knote *); 147265236Sken 148265236Skenstatic struct filterops tun_read_filterops = { 149265236Sken .f_isfd = 1, 150265236Sken .f_attach = NULL, 151265236Sken .f_detach = tunkqdetach, 152265236Sken .f_event = tunkqread, 153265236Sken}; 154265236Sken 155265236Skenstatic struct filterops tun_write_filterops = { 156265236Sken .f_isfd = 1, 157265236Sken .f_attach = NULL, 158265236Sken .f_detach = tunkqdetach, 159265236Sken .f_event = tunkqwrite, 160265236Sken}; 161265236Sken 162265236Skenstatic struct cdevsw tun_cdevsw = { 163265236Sken .d_version = D_VERSION, 164265236Sken .d_flags = D_NEEDMINOR, 165265236Sken .d_open = tunopen, 166265236Sken .d_close = tunclose, 167265236Sken .d_read = tunread, 168265236Sken .d_write = tunwrite, 169265236Sken .d_ioctl = tunioctl, 170265236Sken .d_poll = tunpoll, 171265236Sken .d_kqfilter = tunkqfilter, 172265236Sken .d_name = tunname, 173265236Sken}; 174265236Sken 175265236Skenstatic int 176265236Skentun_clone_create(struct if_clone *ifc, int unit, caddr_t params) 177265236Sken{ 178265236Sken struct cdev *dev; 179265236Sken int i; 180265236Sken 181265236Sken /* find any existing device, or allocate new unit number */ 182265236Sken i = clone_create(&tunclones, &tun_cdevsw, &unit, &dev, 0); 183265236Sken if (i) { 184265236Sken /* No preexisting struct cdev *, create one */ 185265236Sken dev = make_dev(&tun_cdevsw, unit, 186265236Sken UID_UUCP, GID_DIALER, 0600, "%s%d", tunname, unit); 187265236Sken } 188265236Sken tuncreate(tunname, dev); 189265236Sken 190265236Sken return (0); 191265236Sken} 192265236Sken 193265236Skenstatic void 194265236Skentunclone(void *arg, struct ucred *cred, char *name, int namelen, 195265236Sken struct cdev **dev) 196265236Sken{ 197265236Sken char devname[SPECNAMELEN + 1]; 198265236Sken int u, i, append_unit; 199265236Sken 200265236Sken if (*dev != NULL) 201265236Sken return; 202265236Sken 203265236Sken /* 204265236Sken * If tun cloning is enabled, only the superuser can create an 205265236Sken * interface. 206265236Sken */ 207265236Sken if (!tundclone || priv_check_cred(cred, PRIV_NET_IFCREATE, 0) != 0) 208265236Sken return; 209265236Sken 210265236Sken if (strcmp(name, tunname) == 0) { 211265236Sken u = -1; 212265236Sken } else if (dev_stdclone(name, NULL, tunname, &u) != 1) 213265236Sken return; /* Don't recognise the name */ 214265236Sken if (u != -1 && u > IF_MAXUNIT) 215265236Sken return; /* Unit number too high */ 216265236Sken 217265236Sken if (u == -1) 218265236Sken append_unit = 1; 219265236Sken else 220265236Sken append_unit = 0; 221265236Sken 222265236Sken CURVNET_SET(CRED_TO_VNET(cred)); 223265236Sken /* find any existing device, or allocate new unit number */ 224265236Sken i = clone_create(&tunclones, &tun_cdevsw, &u, dev, 0); 225265236Sken if (i) { 226265236Sken if (append_unit) { 227265236Sken namelen = snprintf(devname, sizeof(devname), "%s%d", 228265236Sken name, u); 229265236Sken name = devname; 230265236Sken } 231265236Sken /* No preexisting struct cdev *, create one */ 232265236Sken *dev = make_dev_credf(MAKEDEV_REF, &tun_cdevsw, u, cred, 233265236Sken UID_UUCP, GID_DIALER, 0600, "%s", name); 234265236Sken } 235265236Sken 236265236Sken if_clone_create(name, namelen, NULL); 237265236Sken CURVNET_RESTORE(); 238265236Sken} 239265236Sken 240265236Skenstatic void 241265236Skentun_destroy(struct tun_softc *tp) 242265236Sken{ 243265236Sken struct cdev *dev; 244265236Sken 245265236Sken mtx_lock(&tp->tun_mtx); 246265236Sken if ((tp->tun_flags & TUN_OPEN) != 0) 247265236Sken cv_wait_unlock(&tp->tun_cv, &tp->tun_mtx); 248265236Sken else 249265236Sken mtx_unlock(&tp->tun_mtx); 250265236Sken 251265236Sken CURVNET_SET(TUN2IFP(tp)->if_vnet); 252265236Sken dev = tp->tun_dev; 253265236Sken bpfdetach(TUN2IFP(tp)); 254265236Sken if_detach(TUN2IFP(tp)); 255265236Sken if_free(TUN2IFP(tp)); 256265236Sken destroy_dev(dev); 257265236Sken seldrain(&tp->tun_rsel); 258265236Sken knlist_clear(&tp->tun_rsel.si_note, 0); 259265236Sken knlist_destroy(&tp->tun_rsel.si_note); 260265236Sken mtx_destroy(&tp->tun_mtx); 261265236Sken cv_destroy(&tp->tun_cv); 262265236Sken free(tp, M_TUN); 263265236Sken CURVNET_RESTORE(); 264265236Sken} 265265236Sken 266265236Skenstatic void 267265236Skentun_clone_destroy(struct ifnet *ifp) 268265236Sken{ 269265236Sken struct tun_softc *tp = ifp->if_softc; 270265236Sken 271265236Sken mtx_lock(&tunmtx); 272265236Sken TAILQ_REMOVE(&tunhead, tp, tun_list); 273265236Sken mtx_unlock(&tunmtx); 274265236Sken tun_destroy(tp); 275265236Sken} 276265236Sken 277265236Skenstatic int 278265236Skentunmodevent(module_t mod, int type, void *data) 279265236Sken{ 280265236Sken static eventhandler_tag tag; 281265236Sken struct tun_softc *tp; 282265236Sken 283265236Sken switch (type) { 284265236Sken case MOD_LOAD: 285265236Sken mtx_init(&tunmtx, "tunmtx", NULL, MTX_DEF); 286265236Sken clone_setup(&tunclones); 287265236Sken tag = EVENTHANDLER_REGISTER(dev_clone, tunclone, 0, 1000); 288265236Sken if (tag == NULL) 289265236Sken return (ENOMEM); 290265236Sken tun_cloner = if_clone_simple(tunname, tun_clone_create, 291265236Sken tun_clone_destroy, 0); 292265236Sken break; 293265236Sken case MOD_UNLOAD: 294265236Sken if_clone_detach(tun_cloner); 295265236Sken EVENTHANDLER_DEREGISTER(dev_clone, tag); 296265236Sken drain_dev_clone_events(); 297265236Sken 298265236Sken mtx_lock(&tunmtx); 299265236Sken while ((tp = TAILQ_FIRST(&tunhead)) != NULL) { 300265236Sken TAILQ_REMOVE(&tunhead, tp, tun_list); 301265236Sken mtx_unlock(&tunmtx); 302265236Sken tun_destroy(tp); 303265236Sken mtx_lock(&tunmtx); 304265236Sken } 305265236Sken mtx_unlock(&tunmtx); 306265236Sken clone_cleanup(&tunclones); 307265236Sken mtx_destroy(&tunmtx); 308265236Sken break; 309265236Sken default: 310265236Sken return EOPNOTSUPP; 311265236Sken } 312265236Sken return 0; 313265236Sken} 314265236Sken 315265236Skenstatic moduledata_t tun_mod = { 316265236Sken "if_tun", 317265236Sken tunmodevent, 318265236Sken 0 319265236Sken}; 320265236Sken 321265236SkenDECLARE_MODULE(if_tun, tun_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 322265236SkenMODULE_VERSION(if_tun, 1); 323265236Sken 324265236Skenstatic void 325265236Skentunstart(struct ifnet *ifp) 326265236Sken{ 327265236Sken struct tun_softc *tp = ifp->if_softc; 328265236Sken struct mbuf *m; 329265236Sken 330265236Sken TUNDEBUG(ifp,"%s starting\n", ifp->if_xname); 331265236Sken if (ALTQ_IS_ENABLED(&ifp->if_snd)) { 332265236Sken IFQ_LOCK(&ifp->if_snd); 333265236Sken IFQ_POLL_NOLOCK(&ifp->if_snd, m); 334265236Sken if (m == NULL) { 335265236Sken IFQ_UNLOCK(&ifp->if_snd); 336265236Sken return; 337265236Sken } 338265236Sken IFQ_UNLOCK(&ifp->if_snd); 339265236Sken } 340265236Sken 341265236Sken mtx_lock(&tp->tun_mtx); 342265236Sken if (tp->tun_flags & TUN_RWAIT) { 343265236Sken tp->tun_flags &= ~TUN_RWAIT; 344265236Sken wakeup(tp); 345265236Sken } 346265236Sken selwakeuppri(&tp->tun_rsel, PZERO + 1); 347265236Sken KNOTE_LOCKED(&tp->tun_rsel.si_note, 0); 348265236Sken if (tp->tun_flags & TUN_ASYNC && tp->tun_sigio) { 349265236Sken mtx_unlock(&tp->tun_mtx); 350265236Sken pgsigio(&tp->tun_sigio, SIGIO, 0); 351265236Sken } else 352265236Sken mtx_unlock(&tp->tun_mtx); 353265236Sken} 354265236Sken 355265236Sken/* XXX: should return an error code so it can fail. */ 356265236Skenstatic void 357265236Skentuncreate(const char *name, struct cdev *dev) 358265236Sken{ 359265236Sken struct tun_softc *sc; 360265236Sken struct ifnet *ifp; 361265236Sken 362265236Sken sc = malloc(sizeof(*sc), M_TUN, M_WAITOK | M_ZERO); 363265236Sken mtx_init(&sc->tun_mtx, "tun_mtx", NULL, MTX_DEF); 364265236Sken cv_init(&sc->tun_cv, "tun_condvar"); 365265236Sken sc->tun_flags = TUN_INITED; 366265236Sken sc->tun_dev = dev; 367265236Sken mtx_lock(&tunmtx); 368265236Sken TAILQ_INSERT_TAIL(&tunhead, sc, tun_list); 369265236Sken mtx_unlock(&tunmtx); 370265236Sken 371265236Sken ifp = sc->tun_ifp = if_alloc(IFT_PPP); 372265236Sken if (ifp == NULL) 373265236Sken panic("%s%d: failed to if_alloc() interface.\n", 374265236Sken name, dev2unit(dev)); 375265236Sken if_initname(ifp, name, dev2unit(dev)); 376265236Sken ifp->if_mtu = TUNMTU; 377265236Sken ifp->if_ioctl = tunifioctl; 378265236Sken ifp->if_output = tunoutput; 379265236Sken ifp->if_start = tunstart; 380265236Sken ifp->if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 381265236Sken ifp->if_softc = sc; 382265236Sken IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen); 383265236Sken ifp->if_snd.ifq_drv_maxlen = 0; 384265236Sken IFQ_SET_READY(&ifp->if_snd); 385265236Sken knlist_init_mtx(&sc->tun_rsel.si_note, &sc->tun_mtx); 386265236Sken ifp->if_capabilities |= IFCAP_LINKSTATE; 387265236Sken ifp->if_capenable |= IFCAP_LINKSTATE; 388265236Sken 389265236Sken if_attach(ifp); 390265236Sken bpfattach(ifp, DLT_NULL, sizeof(u_int32_t)); 391265236Sken dev->si_drv1 = sc; 392265236Sken TUNDEBUG(ifp, "interface %s is created, minor = %#x\n", 393265236Sken ifp->if_xname, dev2unit(dev)); 394265236Sken} 395265236Sken 396265236Skenstatic int 397265236Skentunopen(struct cdev *dev, int flag, int mode, struct thread *td) 398265236Sken{ 399265236Sken struct ifnet *ifp; 400265236Sken struct tun_softc *tp; 401265236Sken 402265236Sken /* 403265236Sken * XXXRW: Non-atomic test and set of dev->si_drv1 requires 404265236Sken * synchronization. 405265236Sken */ 406265236Sken tp = dev->si_drv1; 407265236Sken if (!tp) { 408265236Sken tuncreate(tunname, dev); 409265236Sken tp = dev->si_drv1; 410265236Sken } 411265236Sken 412265236Sken /* 413265236Sken * XXXRW: This use of tun_pid is subject to error due to the 414265236Sken * fact that a reference to the tunnel can live beyond the 415265236Sken * death of the process that created it. Can we replace this 416265236Sken * with a simple busy flag? 417265236Sken */ 418265236Sken mtx_lock(&tp->tun_mtx); 419265236Sken if (tp->tun_pid != 0 && tp->tun_pid != td->td_proc->p_pid) { 420265236Sken mtx_unlock(&tp->tun_mtx); 421265236Sken return (EBUSY); 422265236Sken } 423265236Sken tp->tun_pid = td->td_proc->p_pid; 424265236Sken 425265236Sken tp->tun_flags |= TUN_OPEN; 426265236Sken ifp = TUN2IFP(tp); 427265236Sken if_link_state_change(ifp, LINK_STATE_UP); 428265236Sken TUNDEBUG(ifp, "open\n"); 429265236Sken mtx_unlock(&tp->tun_mtx); 430265236Sken 431265236Sken return (0); 432265236Sken} 433265236Sken 434265236Sken/* 435265236Sken * tunclose - close the device - mark i/f down & delete 436265236Sken * routing info 437265236Sken */ 438265236Skenstatic int 439265236Skentunclose(struct cdev *dev, int foo, int bar, struct thread *td) 440265236Sken{ 441265236Sken struct tun_softc *tp; 442265236Sken struct ifnet *ifp; 443265236Sken 444265236Sken tp = dev->si_drv1; 445265236Sken ifp = TUN2IFP(tp); 446265236Sken 447265236Sken mtx_lock(&tp->tun_mtx); 448265236Sken tp->tun_flags &= ~TUN_OPEN; 449265236Sken tp->tun_pid = 0; 450265236Sken 451265236Sken /* 452265236Sken * junk all pending output 453265236Sken */ 454265236Sken CURVNET_SET(ifp->if_vnet); 455265236Sken IFQ_PURGE(&ifp->if_snd); 456265236Sken 457265236Sken if (ifp->if_flags & IFF_UP) { 458265236Sken mtx_unlock(&tp->tun_mtx); 459265236Sken if_down(ifp); 460265236Sken mtx_lock(&tp->tun_mtx); 461265236Sken } 462265236Sken 463265236Sken /* Delete all addresses and routes which reference this interface. */ 464265236Sken if (ifp->if_drv_flags & IFF_DRV_RUNNING) { 465265236Sken struct ifaddr *ifa; 466265236Sken 467265236Sken ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 468265236Sken mtx_unlock(&tp->tun_mtx); 469265236Sken TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 470265236Sken /* deal w/IPv4 PtP destination; unlocked read */ 471265236Sken if (ifa->ifa_addr->sa_family == AF_INET) { 472265236Sken rtinit(ifa, (int)RTM_DELETE, 473265236Sken tp->tun_flags & TUN_DSTADDR ? RTF_HOST : 0); 474265236Sken } else { 475265236Sken rtinit(ifa, (int)RTM_DELETE, 0); 476265236Sken } 477265236Sken } 478265236Sken if_purgeaddrs(ifp); 479265236Sken mtx_lock(&tp->tun_mtx); 480265236Sken } 481265236Sken if_link_state_change(ifp, LINK_STATE_DOWN); 482265236Sken CURVNET_RESTORE(); 483265236Sken 484265236Sken funsetown(&tp->tun_sigio); 485265236Sken selwakeuppri(&tp->tun_rsel, PZERO + 1); 486265236Sken KNOTE_LOCKED(&tp->tun_rsel.si_note, 0); 487265236Sken TUNDEBUG (ifp, "closed\n"); 488265236Sken 489265236Sken cv_broadcast(&tp->tun_cv); 490265236Sken mtx_unlock(&tp->tun_mtx); 491265236Sken return (0); 492265236Sken} 493265236Sken 494265236Skenstatic void 495265236Skentuninit(struct ifnet *ifp) 496265236Sken{ 497265236Sken struct tun_softc *tp = ifp->if_softc; 498265236Sken#ifdef INET 499265236Sken struct ifaddr *ifa; 500265236Sken#endif 501265236Sken 502265236Sken TUNDEBUG(ifp, "tuninit\n"); 503265236Sken 504265236Sken mtx_lock(&tp->tun_mtx); 505265236Sken ifp->if_flags |= IFF_UP; 506265236Sken ifp->if_drv_flags |= IFF_DRV_RUNNING; 507265236Sken getmicrotime(&ifp->if_lastchange); 508265236Sken 509265236Sken#ifdef INET 510265236Sken if_addr_rlock(ifp); 511265236Sken TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 512265236Sken if (ifa->ifa_addr->sa_family == AF_INET) { 513265236Sken struct sockaddr_in *si; 514265236Sken 515265236Sken si = (struct sockaddr_in *)ifa->ifa_addr; 516265236Sken if (si->sin_addr.s_addr) 517265236Sken tp->tun_flags |= TUN_IASET; 518265236Sken 519265236Sken si = (struct sockaddr_in *)ifa->ifa_dstaddr; 520265236Sken if (si && si->sin_addr.s_addr) 521265236Sken tp->tun_flags |= TUN_DSTADDR; 522265236Sken } 523265236Sken } 524265236Sken if_addr_runlock(ifp); 525265236Sken#endif 526265236Sken mtx_unlock(&tp->tun_mtx); 527265236Sken} 528265236Sken 529265236Sken/* 530265236Sken * Process an ioctl request. 531265236Sken */ 532265236Skenstatic int 533265236Skentunifioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 534265236Sken{ 535265236Sken struct ifreq *ifr = (struct ifreq *)data; 536265236Sken struct tun_softc *tp = ifp->if_softc; 537265236Sken struct ifstat *ifs; 538265236Sken int error = 0; 539265236Sken 540265236Sken switch(cmd) { 541265236Sken case SIOCGIFSTATUS: 542265236Sken ifs = (struct ifstat *)data; 543265236Sken mtx_lock(&tp->tun_mtx); 544265236Sken if (tp->tun_pid) 545265236Sken snprintf(ifs->ascii, sizeof(ifs->ascii), 546265236Sken "\tOpened by PID %d\n", tp->tun_pid); 547265236Sken else 548265236Sken ifs->ascii[0] = '\0'; 549265236Sken mtx_unlock(&tp->tun_mtx); 550265236Sken break; 551265236Sken case SIOCSIFADDR: 552265236Sken tuninit(ifp); 553265236Sken TUNDEBUG(ifp, "address set\n"); 554265236Sken break; 555265236Sken case SIOCSIFMTU: 556265236Sken ifp->if_mtu = ifr->ifr_mtu; 557265236Sken TUNDEBUG(ifp, "mtu set\n"); 558265236Sken break; 559265236Sken case SIOCSIFFLAGS: 560265236Sken case SIOCADDMULTI: 561265236Sken case SIOCDELMULTI: 562265236Sken break; 563265236Sken default: 564265236Sken error = EINVAL; 565265236Sken } 566265236Sken return (error); 567265236Sken} 568265236Sken 569265236Sken/* 570265236Sken * tunoutput - queue packets from higher level ready to put out. 571265236Sken */ 572265236Skenstatic int 573265236Skentunoutput(struct ifnet *ifp, struct mbuf *m0, const struct sockaddr *dst, 574265236Sken struct route *ro) 575265236Sken{ 576265236Sken struct tun_softc *tp = ifp->if_softc; 577265236Sken u_short cached_tun_flags; 578265236Sken int error; 579265236Sken u_int32_t af; 580265236Sken 581265236Sken TUNDEBUG (ifp, "tunoutput\n"); 582265236Sken 583265236Sken#ifdef MAC 584265236Sken error = mac_ifnet_check_transmit(ifp, m0); 585265236Sken if (error) { 586265236Sken m_freem(m0); 587265236Sken return (error); 588265236Sken } 589265236Sken#endif 590265236Sken 591265236Sken /* Could be unlocked read? */ 592265236Sken mtx_lock(&tp->tun_mtx); 593265236Sken cached_tun_flags = tp->tun_flags; 594265236Sken mtx_unlock(&tp->tun_mtx); 595265236Sken if ((cached_tun_flags & TUN_READY) != TUN_READY) { 596265236Sken TUNDEBUG (ifp, "not ready 0%o\n", tp->tun_flags); 597265236Sken m_freem (m0); 598265236Sken return (EHOSTDOWN); 599265236Sken } 600265236Sken 601265236Sken if ((ifp->if_flags & IFF_UP) != IFF_UP) { 602265236Sken m_freem (m0); 603265236Sken return (EHOSTDOWN); 604265236Sken } 605265236Sken 606265236Sken /* BPF writes need to be handled specially. */ 607265236Sken if (dst->sa_family == AF_UNSPEC) 608265236Sken bcopy(dst->sa_data, &af, sizeof(af)); 609265236Sken else 610265236Sken af = dst->sa_family; 611265236Sken 612265236Sken if (bpf_peers_present(ifp->if_bpf)) 613265236Sken bpf_mtap2(ifp->if_bpf, &af, sizeof(af), m0); 614265236Sken 615265236Sken /* prepend sockaddr? this may abort if the mbuf allocation fails */ 616265236Sken if (cached_tun_flags & TUN_LMODE) { 617265236Sken /* allocate space for sockaddr */ 618265236Sken M_PREPEND(m0, dst->sa_len, M_NOWAIT); 619265236Sken 620265236Sken /* if allocation failed drop packet */ 621265236Sken if (m0 == NULL) { 622265236Sken if_inc_counter(ifp, IFCOUNTER_IQDROPS, 1); 623265236Sken if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 624265236Sken return (ENOBUFS); 625265236Sken } else { 626265236Sken bcopy(dst, m0->m_data, dst->sa_len); 627265236Sken } 628265236Sken } 629265236Sken 630265236Sken if (cached_tun_flags & TUN_IFHEAD) { 631265236Sken /* Prepend the address family */ 632265236Sken M_PREPEND(m0, 4, M_NOWAIT); 633265236Sken 634265236Sken /* if allocation failed drop packet */ 635265236Sken if (m0 == NULL) { 636265236Sken if_inc_counter(ifp, IFCOUNTER_IQDROPS, 1); 637265236Sken if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 638265236Sken return (ENOBUFS); 639265236Sken } else 640265236Sken *(u_int32_t *)m0->m_data = htonl(af); 641265236Sken } else { 642265236Sken#ifdef INET 643265236Sken if (af != AF_INET) 644265236Sken#endif 645265236Sken { 646265236Sken m_freem(m0); 647265236Sken return (EAFNOSUPPORT); 648265236Sken } 649265236Sken } 650265236Sken 651265236Sken error = (ifp->if_transmit)(ifp, m0); 652265236Sken if (error) 653265236Sken return (ENOBUFS); 654265236Sken if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1); 655265236Sken return (0); 656265236Sken} 657265236Sken 658265236Sken/* 659265236Sken * the cdevsw interface is now pretty minimal. 660265236Sken */ 661265236Skenstatic int 662265236Skentunioctl(struct cdev *dev, u_long cmd, caddr_t data, int flag, 663265236Sken struct thread *td) 664265236Sken{ 665265236Sken int error; 666265236Sken struct tun_softc *tp = dev->si_drv1; 667265236Sken struct tuninfo *tunp; 668265236Sken 669265236Sken switch (cmd) { 670265236Sken case TUNSIFINFO: 671265236Sken tunp = (struct tuninfo *)data; 672265236Sken if (tunp->mtu < IF_MINMTU) 673265236Sken return (EINVAL); 674265236Sken if (TUN2IFP(tp)->if_mtu != tunp->mtu) { 675265236Sken error = priv_check(td, PRIV_NET_SETIFMTU); 676265236Sken if (error) 677265236Sken return (error); 678265236Sken } 679265236Sken mtx_lock(&tp->tun_mtx); 680265236Sken TUN2IFP(tp)->if_mtu = tunp->mtu; 681265236Sken TUN2IFP(tp)->if_type = tunp->type; 682265236Sken TUN2IFP(tp)->if_baudrate = tunp->baudrate; 683265236Sken mtx_unlock(&tp->tun_mtx); 684265236Sken break; 685265236Sken case TUNGIFINFO: 686265236Sken tunp = (struct tuninfo *)data; 687265236Sken mtx_lock(&tp->tun_mtx); 688265236Sken tunp->mtu = TUN2IFP(tp)->if_mtu; 689265236Sken tunp->type = TUN2IFP(tp)->if_type; 690265236Sken tunp->baudrate = TUN2IFP(tp)->if_baudrate; 691265236Sken mtx_unlock(&tp->tun_mtx); 692265236Sken break; 693265236Sken case TUNSDEBUG: 694265236Sken tundebug = *(int *)data; 695265236Sken break; 696265236Sken case TUNGDEBUG: 697265236Sken *(int *)data = tundebug; 698265236Sken break; 699265236Sken case TUNSLMODE: 700265236Sken mtx_lock(&tp->tun_mtx); 701265236Sken if (*(int *)data) { 702265236Sken tp->tun_flags |= TUN_LMODE; 703265236Sken tp->tun_flags &= ~TUN_IFHEAD; 704265236Sken } else 705265236Sken tp->tun_flags &= ~TUN_LMODE; 706265236Sken mtx_unlock(&tp->tun_mtx); 707265236Sken break; 708265236Sken case TUNSIFHEAD: 709265236Sken mtx_lock(&tp->tun_mtx); 710265236Sken if (*(int *)data) { 711265236Sken tp->tun_flags |= TUN_IFHEAD; 712265236Sken tp->tun_flags &= ~TUN_LMODE; 713265236Sken } else 714265236Sken tp->tun_flags &= ~TUN_IFHEAD; 715265236Sken mtx_unlock(&tp->tun_mtx); 716265236Sken break; 717265236Sken case TUNGIFHEAD: 718265236Sken mtx_lock(&tp->tun_mtx); 719265236Sken *(int *)data = (tp->tun_flags & TUN_IFHEAD) ? 1 : 0; 720265236Sken mtx_unlock(&tp->tun_mtx); 721265236Sken break; 722265236Sken case TUNSIFMODE: 723265236Sken /* deny this if UP */ 724265236Sken if (TUN2IFP(tp)->if_flags & IFF_UP) 725265236Sken return(EBUSY); 726265236Sken 727265236Sken switch (*(int *)data & ~IFF_MULTICAST) { 728265236Sken case IFF_POINTOPOINT: 729265236Sken case IFF_BROADCAST: 730265236Sken mtx_lock(&tp->tun_mtx); 731265236Sken TUN2IFP(tp)->if_flags &= 732265236Sken ~(IFF_BROADCAST|IFF_POINTOPOINT|IFF_MULTICAST); 733265236Sken TUN2IFP(tp)->if_flags |= *(int *)data; 734265236Sken mtx_unlock(&tp->tun_mtx); 735265236Sken break; 736265236Sken default: 737265236Sken return(EINVAL); 738265236Sken } 739265236Sken break; 740265236Sken case TUNSIFPID: 741265236Sken mtx_lock(&tp->tun_mtx); 742265236Sken tp->tun_pid = curthread->td_proc->p_pid; 743265236Sken mtx_unlock(&tp->tun_mtx); 744265236Sken break; 745265236Sken case FIONBIO: 746265236Sken break; 747265236Sken case FIOASYNC: 748265236Sken mtx_lock(&tp->tun_mtx); 749265236Sken if (*(int *)data) 750265236Sken tp->tun_flags |= TUN_ASYNC; 751265236Sken else 752265236Sken tp->tun_flags &= ~TUN_ASYNC; 753265236Sken mtx_unlock(&tp->tun_mtx); 754265236Sken break; 755265236Sken case FIONREAD: 756265236Sken if (!IFQ_IS_EMPTY(&TUN2IFP(tp)->if_snd)) { 757265236Sken struct mbuf *mb; 758265236Sken IFQ_LOCK(&TUN2IFP(tp)->if_snd); 759265236Sken IFQ_POLL_NOLOCK(&TUN2IFP(tp)->if_snd, mb); 760265236Sken for (*(int *)data = 0; mb != NULL; mb = mb->m_next) 761265236Sken *(int *)data += mb->m_len; 762265236Sken IFQ_UNLOCK(&TUN2IFP(tp)->if_snd); 763265236Sken } else 764265236Sken *(int *)data = 0; 765265236Sken break; 766265236Sken case FIOSETOWN: 767265236Sken return (fsetown(*(int *)data, &tp->tun_sigio)); 768265236Sken 769265236Sken case FIOGETOWN: 770265236Sken *(int *)data = fgetown(&tp->tun_sigio); 771265236Sken return (0); 772265236Sken 773265236Sken /* This is deprecated, FIOSETOWN should be used instead. */ 774265236Sken case TIOCSPGRP: 775265236Sken return (fsetown(-(*(int *)data), &tp->tun_sigio)); 776265236Sken 777265236Sken /* This is deprecated, FIOGETOWN should be used instead. */ 778265236Sken case TIOCGPGRP: 779265236Sken *(int *)data = -fgetown(&tp->tun_sigio); 780265236Sken return (0); 781265236Sken 782265236Sken default: 783265236Sken return (ENOTTY); 784265236Sken } 785265236Sken return (0); 786265236Sken} 787265236Sken 788265236Sken/* 789265236Sken * The cdevsw read interface - reads a packet at a time, or at 790265236Sken * least as much of a packet as can be read. 791265236Sken */ 792265236Skenstatic int 793265236Skentunread(struct cdev *dev, struct uio *uio, int flag) 794265236Sken{ 795265236Sken struct tun_softc *tp = dev->si_drv1; 796265236Sken struct ifnet *ifp = TUN2IFP(tp); 797265236Sken struct mbuf *m; 798265236Sken int error=0, len; 799265236Sken 800265236Sken TUNDEBUG (ifp, "read\n"); 801265236Sken mtx_lock(&tp->tun_mtx); 802265236Sken if ((tp->tun_flags & TUN_READY) != TUN_READY) { 803265236Sken mtx_unlock(&tp->tun_mtx); 804265236Sken TUNDEBUG (ifp, "not ready 0%o\n", tp->tun_flags); 805265236Sken return (EHOSTDOWN); 806265236Sken } 807265236Sken 808265236Sken tp->tun_flags &= ~TUN_RWAIT; 809265236Sken 810265236Sken do { 811265236Sken IFQ_DEQUEUE(&ifp->if_snd, m); 812265236Sken if (m == NULL) { 813265236Sken if (flag & O_NONBLOCK) { 814265236Sken mtx_unlock(&tp->tun_mtx); 815265236Sken return (EWOULDBLOCK); 816265236Sken } 817265236Sken tp->tun_flags |= TUN_RWAIT; 818265236Sken error = mtx_sleep(tp, &tp->tun_mtx, PCATCH | (PZERO + 1), 819265236Sken "tunread", 0); 820265236Sken if (error != 0) { 821265236Sken mtx_unlock(&tp->tun_mtx); 822265236Sken return (error); 823265236Sken } 824265236Sken } 825265236Sken } while (m == NULL); 826265236Sken mtx_unlock(&tp->tun_mtx); 827265236Sken 828265236Sken while (m && uio->uio_resid > 0 && error == 0) { 829265236Sken len = min(uio->uio_resid, m->m_len); 830265236Sken if (len != 0) 831265236Sken error = uiomove(mtod(m, void *), len, uio); 832265236Sken m = m_free(m); 833265236Sken } 834265236Sken 835265236Sken if (m) { 836265236Sken TUNDEBUG(ifp, "Dropping mbuf\n"); 837265236Sken m_freem(m); 838265236Sken } 839265236Sken return (error); 840265236Sken} 841265236Sken 842265236Sken/* 843265236Sken * the cdevsw write interface - an atomic write is a packet - or else! 844265236Sken */ 845265236Skenstatic int 846265236Skentunwrite(struct cdev *dev, struct uio *uio, int flag) 847265236Sken{ 848265236Sken struct tun_softc *tp = dev->si_drv1; 849265236Sken struct ifnet *ifp = TUN2IFP(tp); 850265236Sken struct mbuf *m; 851265236Sken uint32_t family; 852265236Sken int isr; 853265236Sken 854265236Sken TUNDEBUG(ifp, "tunwrite\n"); 855265236Sken 856265236Sken if ((ifp->if_flags & IFF_UP) != IFF_UP) 857265236Sken /* ignore silently */ 858265236Sken return (0); 859265236Sken 860265236Sken if (uio->uio_resid == 0) 861265236Sken return (0); 862265236Sken 863265236Sken if (uio->uio_resid < 0 || uio->uio_resid > TUNMRU) { 864265236Sken TUNDEBUG(ifp, "len=%zd!\n", uio->uio_resid); 865265236Sken return (EIO); 866265236Sken } 867265236Sken 868265236Sken if ((m = m_uiotombuf(uio, M_NOWAIT, 0, 0, M_PKTHDR)) == NULL) { 869265236Sken if_inc_counter(ifp, IFCOUNTER_IERRORS, 1); 870265236Sken return (ENOBUFS); 871265236Sken } 872265236Sken 873265236Sken m->m_pkthdr.rcvif = ifp; 874265236Sken#ifdef MAC 875265236Sken mac_ifnet_create_mbuf(ifp, m); 876265236Sken#endif 877265236Sken 878265236Sken /* Could be unlocked read? */ 879265236Sken mtx_lock(&tp->tun_mtx); 880265236Sken if (tp->tun_flags & TUN_IFHEAD) { 881265236Sken mtx_unlock(&tp->tun_mtx); 882265236Sken if (m->m_len < sizeof(family) && 883265236Sken (m = m_pullup(m, sizeof(family))) == NULL) 884265236Sken return (ENOBUFS); 885265236Sken family = ntohl(*mtod(m, u_int32_t *)); 886265236Sken m_adj(m, sizeof(family)); 887265236Sken } else { 888265236Sken mtx_unlock(&tp->tun_mtx); 889265236Sken family = AF_INET; 890265236Sken } 891265236Sken 892265236Sken BPF_MTAP2(ifp, &family, sizeof(family), m); 893265236Sken 894265236Sken switch (family) { 895265236Sken#ifdef INET 896265236Sken case AF_INET: 897265236Sken isr = NETISR_IP; 898265236Sken break; 899265236Sken#endif 900265236Sken#ifdef INET6 901265236Sken case AF_INET6: 902265236Sken isr = NETISR_IPV6; 903265236Sken break; 904265236Sken#endif 905265236Sken default: 906265236Sken m_freem(m); 907265236Sken return (EAFNOSUPPORT); 908265236Sken } 909265236Sken if (harvest.point_to_point) 910265236Sken random_harvest(&(m->m_data), 12, 2, RANDOM_NET_TUN); 911265236Sken if_inc_counter(ifp, IFCOUNTER_IBYTES, m->m_pkthdr.len); 912265236Sken if_inc_counter(ifp, IFCOUNTER_IPACKETS, 1); 913265236Sken CURVNET_SET(ifp->if_vnet); 914265236Sken M_SETFIB(m, ifp->if_fib); 915265236Sken netisr_dispatch(isr, m); 916265236Sken CURVNET_RESTORE(); 917265236Sken return (0); 918265236Sken} 919265236Sken 920265236Sken/* 921265236Sken * tunpoll - the poll interface, this is only useful on reads 922265236Sken * really. The write detect always returns true, write never blocks 923265236Sken * anyway, it either accepts the packet or drops it. 924265236Sken */ 925265236Skenstatic int 926265236Skentunpoll(struct cdev *dev, int events, struct thread *td) 927265236Sken{ 928265236Sken struct tun_softc *tp = dev->si_drv1; 929265236Sken struct ifnet *ifp = TUN2IFP(tp); 930265236Sken int revents = 0; 931265236Sken struct mbuf *m; 932265236Sken 933265236Sken TUNDEBUG(ifp, "tunpoll\n"); 934265236Sken 935265236Sken if (events & (POLLIN | POLLRDNORM)) { 936265236Sken IFQ_LOCK(&ifp->if_snd); 937265236Sken IFQ_POLL_NOLOCK(&ifp->if_snd, m); 938265236Sken if (m != NULL) { 939265236Sken TUNDEBUG(ifp, "tunpoll q=%d\n", ifp->if_snd.ifq_len); 940265236Sken revents |= events & (POLLIN | POLLRDNORM); 941265236Sken } else { 942265236Sken TUNDEBUG(ifp, "tunpoll waiting\n"); 943265236Sken selrecord(td, &tp->tun_rsel); 944265236Sken } 945265236Sken IFQ_UNLOCK(&ifp->if_snd); 946265236Sken } 947265236Sken if (events & (POLLOUT | POLLWRNORM)) 948265236Sken revents |= events & (POLLOUT | POLLWRNORM); 949265236Sken 950265236Sken return (revents); 951265236Sken} 952265236Sken 953265236Sken/* 954265236Sken * tunkqfilter - support for the kevent() system call. 955265236Sken */ 956265236Skenstatic int 957265236Skentunkqfilter(struct cdev *dev, struct knote *kn) 958265236Sken{ 959265236Sken struct tun_softc *tp = dev->si_drv1; 960265236Sken struct ifnet *ifp = TUN2IFP(tp); 961265236Sken 962265236Sken switch(kn->kn_filter) { 963265236Sken case EVFILT_READ: 964265236Sken TUNDEBUG(ifp, "%s kqfilter: EVFILT_READ, minor = %#x\n", 965265236Sken ifp->if_xname, dev2unit(dev)); 966265236Sken kn->kn_fop = &tun_read_filterops; 967265236Sken break; 968265236Sken 969265236Sken case EVFILT_WRITE: 970265236Sken TUNDEBUG(ifp, "%s kqfilter: EVFILT_WRITE, minor = %#x\n", 971265236Sken ifp->if_xname, dev2unit(dev)); 972265236Sken kn->kn_fop = &tun_write_filterops; 973265236Sken break; 974265236Sken 975265236Sken default: 976265236Sken TUNDEBUG(ifp, "%s kqfilter: invalid filter, minor = %#x\n", 977265236Sken ifp->if_xname, dev2unit(dev)); 978265236Sken return(EINVAL); 979265236Sken } 980265236Sken 981265236Sken kn->kn_hook = tp; 982265236Sken knlist_add(&tp->tun_rsel.si_note, kn, 0); 983265236Sken 984265236Sken return (0); 985265236Sken} 986265236Sken 987265236Sken/* 988265236Sken * Return true of there is data in the interface queue. 989265236Sken */ 990265236Skenstatic int 991265236Skentunkqread(struct knote *kn, long hint) 992265236Sken{ 993265236Sken int ret; 994265236Sken struct tun_softc *tp = kn->kn_hook; 995265236Sken struct cdev *dev = tp->tun_dev; 996265236Sken struct ifnet *ifp = TUN2IFP(tp); 997265236Sken 998265236Sken if ((kn->kn_data = ifp->if_snd.ifq_len) > 0) { 999265236Sken TUNDEBUG(ifp, 1000265236Sken "%s have data in the queue. Len = %d, minor = %#x\n", 1001265236Sken ifp->if_xname, ifp->if_snd.ifq_len, dev2unit(dev)); 1002265236Sken ret = 1; 1003265236Sken } else { 1004265236Sken TUNDEBUG(ifp, 1005265236Sken "%s waiting for data, minor = %#x\n", ifp->if_xname, 1006265236Sken dev2unit(dev)); 1007265236Sken ret = 0; 1008265236Sken } 1009265236Sken 1010265236Sken return (ret); 1011265236Sken} 1012265236Sken 1013265236Sken/* 1014265236Sken * Always can write, always return MTU in kn->data. 1015265236Sken */ 1016265236Skenstatic int 1017265236Skentunkqwrite(struct knote *kn, long hint) 1018265236Sken{ 1019265236Sken struct tun_softc *tp = kn->kn_hook; 1020265236Sken struct ifnet *ifp = TUN2IFP(tp); 1021265236Sken 1022265236Sken kn->kn_data = ifp->if_mtu; 1023265236Sken 1024265236Sken return (1); 1025265236Sken} 1026265236Sken 1027265236Skenstatic void 1028265236Skentunkqdetach(struct knote *kn) 1029265236Sken{ 1030265236Sken struct tun_softc *tp = kn->kn_hook; 1031265236Sken 1032265236Sken knlist_remove(&tp->tun_rsel.si_note, kn, 0); 1033265236Sken} 1034265236Sken